Description |
1 online resource : illustrations |
Bibliography |
Includes bibliographical references and index. |
Summary |
This book gives the practical methodology needed to plan and execute a social engineering penetration test and assessment. It has insights into how social engineering techniques--including email phishing, telephone pretexting, and physical vectors--can be used to elicit information or manipulate individuals into performing actions that may aid in an attack. Using the book's easy-to-understand models and examples, the reader will have a much better understanding of how best to defend against these attacks. The authors show hands-on techniques they have used at RandomStorm to provide clients with valuable results that make a real difference to the security of their businesses. The book shows how to use widely available open-source tools to conduct pen tests and the practical steps to improve defense measures in response to test results. -- Edited summary from book. |
Contents |
Front Cover; Social Engineering Penetration Testing; Copyright Page; Contents; Foreword; Acknowledgements; About the Authors; About the Technical Editor; 1 An Introduction to Social Engineering; Introduction; Defining social engineering; Examples from the movies; Sneakers; Hackers; Matchstick Men; Dirty Rotten Scoundrels; The Imposter; Famous social engineers; Kevin Mitnik; Frank Abagnale; Badir brothers; Chris Hadnagy; Chris Nickerson; Real-world attacks; The RSA breach; The Buckingham Palace breach; The Financial Times breach; The Microsoft XBox breach; Operation Camion; Summary. |
|
2 The Weak Link in the Business Security ChainIntroduction; Why personnel are the weakest link; Secure data with vulnerable users; The problem with privileges; Data classifications and need to know; Security, availability, and functionality; Customer service mentality; Poor management example; Lack of awareness and training; Weak security policies; Weak procedures; Summary; 3 The Techniques of Manipulation; Introduction; Pretexting; Impersonation; Baiting; Pressure and solution; Leveraging authority; Reverse social engineering; Chain of authentication; Gaining credibility. |
|
From innocuous to sensitivePriming and loading; Social proof; Framing information; Emotional states; Selective attention; Personality types and models; Body language; Summary; 4 Short and Long Game Attack Strategies; Introduction; Short-term attack strategies; Targeting the right areas; Using the allotted time effectively; Common short game scenarios; Long-term attack strategies; Expanding on initial reconnaissance; Fake social media profiles; Information elicitation; Extended phishing attacks; Gaining inside help; Working at the target company; Targeting partner companies. |
|
Long-term surveillanceSummary; 5 The Social Engineering Engagement; Introduction; The business need for social engineering; Compliance and security standards; Payment Cards Industry Data Security Standard; ISO/IEC 27000 information security series; Human Resource Security, Domain 8; Physical and Environmental Security, Domain 9; Social engineering operational considerations and challenges; Challenges for the social engineers; Less mission impossible, more mission improbable; Dealing with unrealistic time scales; Dealing with unrealistic time frames; Taking one for the team; Name and shame. |
|
Project managementChallenges for the client; Getting the right people; Legislative considerations; The Computer Misuse Act 1990 (UK)-http://www.legislation.gov.uk/ukpga/1990/18; Section 1-Unauthorized access to computer material; Section 2-Unauthorized access with intent to commit or facilitate commission of further offenses; Section 3-Unauthorized acts with intent to impair or with recklessness as to impairing, operation of computer, etc.; The Police and Justice Act 2006 (UK)-http://www.legislation.gov.uk/ukpga/2006/48/contents. |
Subject |
Social engineering.
|
|
Social sciences.
|
|
Social Sciences |
|
Ingénierie sociale. |
|
Sciences sociales. |
|
social sciences. |
|
Social sciences |
|
Social engineering |
Genre |
Llibres electrònics. |
Added Author |
Mason, Andrew G., author.
|
|
Ackroyd, Richard, author.
|
Other Form: |
Print version: Watson, Gavin, 1982- Social engineering penetration testing 9780124201248 (DLC) 2014003510 (OCoLC)871186904 |
ISBN |
9780124201828 |
|
0124201822 |
|
1306642329 (ebk) |
|
9781306642323 (ebk) |
|
0124201245 |
|
9780124201248 |
|